Tricode BV
De Schutterij 12 -18
3905 PL Veenendaal
The Netherlands
tel: 0318 - 559210
fax: 0318 - 650909
www.tricode.nl
info@tricode.nl
Best Practices on
Building RESTful API
Nikola Vasilev
Thursday, 1st of December 2016
Agenda
• Introduction
• Data Design and Abstraction
• Verbs
• Endpoints
• Request
• Response
• Demo
• Security
• Documentation
• References
RESTful API - Best Practices
Introduction
• What is REST?
• What is a RESTful API?
Introduction
• Good RESTful API design is hard!
• Language Agnostic Approach
Data Design and Abstraction
• API First Development
• Attaching an API to an existing project
• Don’t expose the whole functionality via API
Verbs
• GET (SELECT): Retrieve a specific Resource from the
Server, or a listing of Resources.
• POST (CREATE): Create a new Resource on the
Server.
• PUT (UPDATE): Update a Resource on the Server,
providing the entire Resource.
• PATCH (UPDATE): Update a Resource on the Server,
providing only changed attributes.
• DELETE (DELETE): Remove a Resource from the
Server.
API Root URL
• The root location of your API is important.
• The API Root URL needs to be as simple as possible:
• Provide a list of all endpoints on the root URL.
• Simple endpoints:
– https://api.github.com/
– https://graph.facebook.com
– https://api.example.com/v1
– https://yourproduct.com/api/v2
Endpoints
• Use plural nouns:
– https://api.example.com/v1/employees
– https://api.example.com/v1/departments
– https://api.example.com/v1/employees
• Use uniform endpoint for each functionality
• Don’t use verbs:
– https://api.example.com/v1/add_employee
– https://api.example.com/v1/edit_employee
– https://api.example.com/v1/delete_employee
Endpoints (2)
• GET /employees: List all Employees (ID and Name, not
too much detail)
• POST /employees: Create a new Employee
• GET /employees/EID: Retrieve an entire Employee
object
• PUT /employees/EID: Update an Employee (entire
object)
• PATCH /employees/EID: Update an Employee (partial
object)
• DELETE /employees/EID: Delete an Employee
Response
• GET /employees: Return a listing (array) of Employees
• GET /employees/EID: Return an individual Employee
• POST /employees: Return the newly created Employee
• PUT /employees/EID: Return the complete Employee
• PATCH /employees/EID: Return the complete
Employee
• DELETE /employees/EID: Return an empty document
Status Codes
• 200 OK – [GET/PUT/PATCH] The Consumer requested data from the
Server, and the Server found it for them (Idempotent)
• 201 CREATED – [POST] The Consumer gave the Server data, and the
Server created a resource
• 204 NO CONTENT – [DELETE] The Consumer asked the Server to delete
a Resource, and the Server deleted it
• 400 BAD REQUEST – [POST/PUT/PATCH] The Consumer gave bad data
to the Server, and the Server did nothing with it (Idempotent)
• 404 NOT FOUND – [GET/PUT/PATCH/DELETE] The Consumer
referenced a nonexistent Resource or Collection, and the Server did
nothing (Idempotent)
• 500 INTERNAL SERVER ERROR – [*] The Server encountered an error,
and the Consumer has no knowledge if the request was successful
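The endpoint, response and status-code tables above, combined into one in-memory handler. This is an added example, not code from the deck: the EmployeeAPI class and its error messages are hypothetical, and 405 for an unsupported verb is standard HTTP rather than part of the deck's table. It treats attributes the client may not set (such as id) as bad data and answers 400.

```python
import json

# Writable attributes, taken from the deck's sample Employee document.
FIELDS = {"firstName", "lastName", "dateOfBirth"}


class EmployeeAPI:
    """In-memory /employees resource (hypothetical class, constructed for this example)."""

    def __init__(self):
        self.store, self.next_id = {}, 1

    def handle(self, method, path, body=None):
        """Return (status, document) for one request."""
        parts = [p for p in path.split("/") if p]
        if not parts or parts[0] != "employees" or len(parts) > 2:
            return 404, {"error": "unknown collection"}
        if len(parts) == 1:
            return self._collection(method, body)
        emp = self.store.get(int(parts[1])) if parts[1].isdecimal() else None
        if emp is None:
            return 404, {"error": "no such employee"}
        return self._item(method, emp, body)

    def _collection(self, method, body):
        if method == "GET":  # listing: ID and name only, not the full objects
            return 200, [{"id": e["id"], "name": e["firstName"] + " " + e["lastName"]}
                         for e in self.store.values()]
        if method == "POST":
            data = self._parse(body)
            if data is None or set(data) != FIELDS:
                return 400, {"error": "body must carry exactly the writable fields"}
            emp = {"id": self.next_id, **data}  # the server assigns the id
            self.store[emp["id"]] = emp
            self.next_id += 1
            return 201, emp
        return 405, {"error": "method not allowed"}  # standard HTTP, not in the deck's table

    def _item(self, method, emp, body):
        if method == "GET":
            return 200, emp
        if method == "DELETE":
            del self.store[emp["id"]]
            return 204, None  # empty document
        if method in ("PUT", "PATCH"):
            data = self._parse(body)
            # Unknown keys such as "id" are bad data: never copy them onto the stored object.
            if not data or not set(data) <= FIELDS:
                return 400, {"error": "unknown or missing attributes"}
            if method == "PUT" and set(data) != FIELDS:
                return 400, {"error": "PUT needs the entire resource"}
            emp.update(data)
            return 200, emp  # always the complete Employee
        return 405, {"error": "method not allowed"}

    @staticmethod
    def _parse(body):
        """Parse a JSON object of string values; None means bad data."""
        try:
            data = json.loads(body)
        except (TypeError, ValueError):
            return None
        if not isinstance(data, dict) or not all(isinstance(v, str) for v in data.values()):
            return None
        return data
```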
Content Type
• JSON
{
  "id": 12,
  "firstName": "John",
  "lastName": "Doe",
  "dateOfBirth": "1987-12-26"
}
• XML
<?xml version="1.0" encoding="UTF-8"?>
<employee>
  <id>12</id>
  <firstName>John</firstName>
  <lastName>Doe</lastName>
  <dateOfBirth>1987-12-28</dateOfBirth>
</employee>
It’s Time For Versioning
• No matter how the API has been built, it will change over time.
• A good mechanism for versioning the API should be introduced.
• The old version needs to be kept for the existing customers.
• The new customers will implement the new version.
• Introduce a deprecation notice for your API
– https://api.yourdomain.com/v1
– https://api.yourdomain.com/v2
Authentication
• Secure your API
• Build a customer token and use Basic Authorization
over SSL
• OAuth2
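One way to implement the "customer token plus Basic Authorization over SSL" bullet, as an added example that is not code from the deck. The TOKEN_HASHES store, the function names and the 401/403 responses are assumptions; the server keeps only a hash of each token, refuses credentials that did not arrive over TLS, and compares digests in constant time.

```python
import base64
import binascii
import hashlib
import hmac
import secrets

# customer id -> SHA-256 hex digest of the issued token (hypothetical store)
TOKEN_HASHES = {}


def issue_token(customer_id):
    """Create a random customer token; only its hash is kept server-side."""
    token = secrets.token_urlsafe(32)
    TOKEN_HASHES[customer_id] = hashlib.sha256(token.encode()).hexdigest()
    return token


def basic_header(customer_id, token):
    """What the client sends: Authorization: Basic base64(id:token)."""
    raw = f"{customer_id}:{token}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def authenticate(headers, is_tls):
    """Return (status, customer_id); 401 and 403 are standard HTTP, not from the deck."""
    if not is_tls:
        # Basic credentials are only base64-encoded, so cleartext transport exposes them.
        return 403, None
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not value:
        return 401, None
    try:
        decoded = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return 401, None
    customer_id, sep, token = decoded.partition(":")
    if not sep:
        return 401, None
    presented = hashlib.sha256(token.encode()).hexdigest()
    # Unknown customers are compared against a dummy digest so both paths do the same work.
    expected = TOKEN_HASHES.get(customer_id, "0" * 64)
    ok = hmac.compare_digest(presented, expected) and customer_id in TOKEN_HASHES
    return (200, customer_id) if ok else (401, None)
```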
Documentation
• No Documentation? - No one will know how to use your
API.
• Make the documentation available publicly (Google
needs to know about it)
• Document each endpoint, each action, and every possible response.
• Build a developer API console if possible.
References
• Blog: https://codeplanet.io/principles-good-restful-api-design/
• Ebook: https://github.com/tlhunter/consumer-centric-api-design
• Hardcopy: https://www.amazon.com/Consumer-Centric-API-Design-Thomas-Hunter/dp/136498900X/
RESTful API - Best Practices
Follow us:
tricode.nl
facebook.com/tricode
linkedin.com/company/tricode
slideshare.net/tricode
twitter.com/tricode
